263021 – REGRESSION(269168@main): Introduced crashes in debug

Bug 263021 - REGRESSION(269168@main): Introduced crashes in debug

Summary: REGRESSION(269168@main): Introduced crashes in debug

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	WebKit Commit Bot

URL:
Keywords:	InRadar

Depends on:
Blocks:	260642
	Show dependency tree / graph

Reported:	2023-10-11 10:02 PDT by WebKit Commit Bot
Modified:	2023-10-11 10:08 PDT (History)
CC List:	3 users (show)

See Also:

Attachments
REVERT of 269168@main (2.96 KB, patch) 2023-10-11 10:02 PDT, WebKit Commit Bot	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description WebKit Commit Bot 2023-10-11 10:02:47 PDT

https://commits.webkit.org/269168@main introduced a regression:
Introduced crashes in debug

This is an automatic bug report generated by webkitbot. If this bug
report was created because of a flaky test, please file a bug for the flaky
test (if we don't already have one on file) and dup this bug against that bug
so that we can track how often these flaky tests fail.

Comment 1 WebKit Commit Bot 2023-10-11 10:02:56 PDT

Created attachment 468174 [details]
REVERT of 269168@main

Any committer can land this patch automatically by marking it commit-queue+.  The commit-queue will build and test the patch before landing to ensure that the revert will be successful.  This process takes approximately 15 minutes.

If you would like to land the revert faster, you can use the following command:

  webkit-patch land-attachment ATTACHMENT_ID

where ATTACHMENT_ID is the ID of this attachment.

Comment 2 Chris Dumez 2023-10-11 10:06:24 PDT

CRASHING TEST: fast/css/stylesheet-layout-with-pending-paint-expected.html


Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	       0x138a02244 WTFCrash + 24 (Assertions.cpp:333)
1   WebCore                       	       0x282d078ac WTFCrashWithInfo(int, char const*, char const*, int) + 36 (Assertions.h:778)
2   WebCore                       	       0x284134440 WebCore::HTMLLinkElement::clearSheet() + 240 (HTMLLinkElement.cpp:374)
3   WebCore                       	       0x2841346c0 WebCore::HTMLLinkElement::removedFromAncestor(WebCore::Node::RemovalType, WebCore::ContainerNode&) + 152 (HTMLLinkElement.cpp:408)
4   WebCore                       	       0x283aed8d4 WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) + 324 (ContainerNodeAlgorithms.cpp:126)
5   WebCore                       	       0x283aed9c8 WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) + 568 (ContainerNodeAlgorithms.cpp:134)
6   WebCore                       	       0x283aed9c8 WebCore::notifyNodeRemovedFromDocument(WebCore::ContainerNode&, WebCore::TreeScopeChange, WebCore::Node&) + 568 (ContainerNodeAlgorithms.cpp:134)
7   WebCore                       	       0x283aed6f4 WebCore::notifyChildNodeRemoved(WebCore::ContainerNode&, WebCore::Node&) + 204 (ContainerNodeAlgorithms.cpp:178)
8   WebCore                       	       0x283ae6820 WebCore::removeDetachedChildrenInContainer(WebCore::ContainerNode&) + 408 (ContainerNodeAlgorithms.cpp:197)
9   WebCore                       	       0x283ae663c WebCore::ContainerNode::removeDetachedChildren() + 140 (ContainerNode.cpp:346)
10  WebCore                       	       0x283b5558c WebCore::Document::removedLastRef() + 580 (Document.cpp:828)
11  WebCore                       	       0x283d381a8 WebCore::Node::removedLastRef() + 160 (Node.cpp:2640)
12  WebCore                       	       0x280182430 WebCore::Node::deref() const + 568 (Node.h:822)
13  WebCore                       	       0x2806d0b68 WebCore::EventTarget::deref() + 52 (Node.h:908)
14  WebCore                       	       0x280c0e004 WTF::DefaultRefDerefTraits<WebCore::EventTarget>::derefIfNotNull(WebCore::EventTarget*) + 48 (RefPtr.h:43)
15  WebCore                       	       0x280c0dfc4 WTF::RefPtr<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>, WTF::DefaultRefDerefTraits<WebCore::EventTarget>>::~RefPtr() + 44 (RefPtr.h:75)
16  WebCore                       	       0x280c0df58 WTF::RefPtr<WebCore::EventTarget, WTF::RawPtrTraits<WebCore::EventTarget>, WTF::DefaultRefDerefTraits<WebCore::EventTarget>>::~RefPtr() + 32 (RefPtr.h:75)
17  WebCore                       	       0x283c97268 WebCore::Event::~Event() + 80 (Event.cpp:90)
18  WebCore                       	       0x283c97eb4 WebCore::Event::~Event() + 32 (Event.cpp:90)
19  WebCore                       	       0x283c97ee4 WebCore::Event::~Event() + 32 (Event.cpp:90)
20  WebCore                       	       0x282d551dc std::__1::default_delete<WebCore::Event>::operator()[abi:v160006](WebCore::Event*) const + 92 (unique_ptr.h:65)
21  WebCore                       	       0x2803a9c40 WTF::RefCounted<WebCore::Event, std::__1::default_delete<WebCore::Event>>::deref() const + 56 (RefCounted.h:190)
22  WebCore                       	       0x282d55168 WTF::Ref<WebCore::Event, WTF::RawPtrTraits<WebCore::Event>>::~Ref() + 80 (Ref.h:61)
23  WebCore                       	       0x28044b980 WTF::Ref<WebCore::Event, WTF::RawPtrTraits<WebCore::Event>>::~Ref() + 32 (Ref.h:55)
24  WebCore                       	       0x280d1d654 WebCore::JSDOMWrapper<WebCore::Event, WTF::RawPtrTraits<WebCore::Event>>::~JSDOMWrapper() + 36 (JSDOMWrapper.h:74)
25  WebCore                       	       0x280d1d620 WebCore::JSEvent::~JSEvent() + 32 (JSEvent.h:30)
26  WebCore                       	       0x280cb09a4 WebCore::JSEvent::~JSEvent() + 32 (JSEvent.h:30)

Comment 3 Chris Dumez 2023-10-11 10:06:48 PDT

It is flaky but one should be able to reproduce pretty easily by running the fast/css tests in debug.

Comment 4 EWS 2023-10-11 10:07:38 PDT

Committed 269203@main (8f02a8f5aca1): <https://commits.webkit.org/269203@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 468174 [details].

Comment 5 Radar WebKit Bug Importer 2023-10-11 10:08:16 PDT

<rdar://problem/116815789>